| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Oct 2014 16:36:46 +0200 From: Erik-Paul Dittmer <epdittmer@...italmisfits.com> To: bugtraq <bugtraq@...urityfocus.com> Subject: Multiple Vulnerabilities in Draytek Vigor 2130 VIGOR 2130 (firmware < 1.5.4.9) 1.1. Command injection in traceroute functionality A user can execute arbitrary commands (RCE) on the router by abusing the traceroute functionality. The interface expects an IP address as input, but does not validate the input. Just provide the input: ; id The above outputs the current user id. 1.2. CSRF (Cross-Site Request Forgery) No anti-CSRF measurements in place. This means that an attacker can setup a web page which, when visited by a victim who is logged in into the VIGOR 2130 web-interface, can perform operations onto the web-interface 1.3. Service runs as root The web service is running as root. Timetable: 2014-09-26 : Vender released patches (private and unverified) to their customers 2014-07-22 : Vendor states that most of the vulns. are patched 2014-07-08 : Vendor notified customers with large deployments 2014-06-30 : Response of Vendor 2014-06-24 : Notified Vendor Researchers: Victor van der Veen (vvdveen@...vu.nl) / Erik-Paul Dittmer (epdittmer@...italmisfits.com) - - - - - - - - - - - - - - - - - - - - - - - - - Digital Misfits does not accept any liability for any errors, omissions, delays of receipt or viruses in the contents of this message which arise as a result of e-mail transmission.
Powered by blists - more mailing lists